Updated apache2 packages for SUSE

3 posts / 0 new
Topic locked
Last post
#1 Fri, 02/24/2006 - 00:04
Joe
Joe's picture

Updated apache2 packages for SUSE

I've just added new apache2 builds for both SUSE 9.3 and 10.0. These packages address a couple of low-grade security issues (details below). As with any security update, it is recommended for all users.

The following updated packages are available for SUSE 10.0:

apache2-2.0.54-11.3.vm.i586.rpm apache2-example-pages-2.0.54-11.3.vm.i586.rpm apache2-debuginfo-2.0.54-11.3.vm.i586.rpm apache2-prefork-2.0.54-11.3.vm.i586.rpm apache2-devel-2.0.54-11.3.vm.i586.rpm apache2-worker-2.0.54-11.3.vm.i586.rpm apache2-doc-2.0.54-11.3.vm.i586.rpm libapr0-2.0.54-11.3.vm.i586.rpm

The following updated packages are available for SUSE 9.3:

apache2-2.0.53-9.10.vm.i586.rpm apache2-example-pages-2.0.53-9.10.vm.i586.rpm apache2-debuginfo-2.0.53-9.10.vm.i586.rpm apache2-prefork-2.0.53-9.10.vm.i586.rpm apache2-devel-2.0.53-9.10.vm.i586.rpm apache2-worker-2.0.53-9.10.vm.i586.rpm apache2-doc-2.0.53-9.10.vm.i586.rpm libapr0-2.0.53-9.10.vm.i586.rpm

From the SUSE security report, this update fixes:

  • a cross-site-scripting bug in the imagemap module mod_imap (CVE-2005-3352)

  • a bug in mod_ssl that allowed attackers to crash apache (CVE-2005-3357)

Fri, 02/24/2006 - 02:31
KevinRauth

Joe,

Tried to update the apache2 packages using yum on SuSE 10.0 failed with the following error.

Dep Number: 1/1
apache2 requires: /usr/local/bin/perl
--> Processing Dependency: /usr/local/bin/perl for package: apache2
Requiring package is from transaction set
Resolving for requiring package: apache2-2.0.54-11.3.vm in state u
Resolving for requirement: /usr/local/bin/perl
Searching pkgSack for dep: /usr/local/bin/perl
miss = 1
conf = 0
CheckDeps = 0
--> Finished Dependency Resolution
Dependency Process ending
Error: Missing Dependency: /usr/local/bin/perl is needed by package apache2

On SuSE 10.0 perl is in the /usr/bin/ not the /usr/local/bin/.

Sat, 02/25/2006 - 00:53 (Reply to #2)
Joe
Joe's picture

Hey Kevin,

Thanks for the heads up. I have no clue how that could possibly have come to be (or how the SUSE packages actually work and mine don't--I rebuilt from their SRPM).

I'm looking into it. Will have an updated package in the repo ASAP.

--

Check out the forum guidelines!

Topic locked